CVE-2025-66374

7.8 HIGH

📋 TL;DR

This vulnerability in CyberArk Endpoint Privilege Manager Agent allows a local user to escalate privileges by exploiting policy elevation of an Administration task. It affects organizations using CyberArk EPM Agent versions through 25.10.0. Attackers with local access can gain elevated privileges on affected endpoints.

💻 Affected Systems

Products:
  • CyberArk Endpoint Privilege Manager Agent
Versions: through 25.10.0
Operating Systems: Windows, Linux, macOS (if supported by EPM)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all configurations where CyberArk EPM Agent is installed and the vulnerable version is running.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker with local access gains full administrative control over the endpoint, potentially compromising the entire endpoint privilege management system and accessing sensitive credentials.

🟠 Likely Case: A malicious insider or compromised user account escalates privileges to bypass security controls, install malware, or access restricted resources.

🟢 If Mitigated: With proper access controls and monitoring, impact is limited to isolated endpoints with quick detection and remediation.

🌐 Internet-Facing: LOW - Requires local access to the endpoint, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Local attackers or compromised accounts can exploit this to gain elevated privileges on internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local user access; based on the description, it appears to be straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 25.12.0 or later

Vendor Advisory: https://docs.cyberark.com/epm/latest/en/content/release%20notes/rn-whatsnew25-12.htm#Security

Restart Required: Yes

Instructions:

1. Download CyberArk EPM Agent version 25.12.0 or later from the CyberArk portal.
2. Deploy the update through your endpoint management system.
3. Restart affected endpoints to complete the installation.

🔧 Temporary Workarounds

Restrict local user privileges (applies to: all): Limit local user account privileges to reduce the attack surface.

Enhanced monitoring of Administration tasks (applies to: all): Increase logging and monitoring of privilege elevation events.

🧯 If You Can't Patch

  • Implement strict least privilege access controls for all user accounts
  • Deploy enhanced endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the CyberArk EPM Agent version on each endpoint: if the version is 25.10.0 or earlier, the system is vulnerable.

Check Version:

On Windows: check the CyberArk EPM Agent version in Control Panel > Programs and Features.
On Linux: check the package version via the package manager.

Verify Fix Applied:

Verify that the CyberArk EPM Agent version is 25.12.0 or later after patch deployment.
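The Windows check above can be automated across a fleet. The following PowerShell script is an added example (not CyberArk's code) that reads the same Uninstall registry data that Programs and Features displays and classifies the installed version against the 25.10.0 / 25.12.0 boundaries given on this page; the DisplayName pattern used to match the agent is an assumption and may need adjusting for your environment.

```powershell
# Added example, not vendor code: classify the installed CyberArk EPM Agent
# version using the Uninstall registry keys behind Programs and Features.
# Assumption: the product's DisplayName contains "CyberArk" and "Endpoint Privilege";
# adjust $NamePattern if your endpoints show a different display name.
$NamePattern         = 'CyberArk.*Endpoint Privilege'
$FixedIn             = [version]'25.12.0'   # patch version from the vendor advisory
$LastKnownVulnerable = [version]'25.10.0'   # "affected through 25.10.0"

$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$Found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $NamePattern }

if (-not $Found) {
    Write-Output "CyberArk EPM Agent not found in Programs and Features data on $env:COMPUTERNAME"
    return
}

foreach ($app in $Found) {
    # DisplayVersion may carry a build suffix; keep only the leading dotted numeric part.
    $raw = [string]$app.DisplayVersion
    $m   = [regex]::Match($raw, '^\d+(\.\d+){1,3}')
    if (-not $m.Success) {
        Write-Output "$($app.DisplayName): could not parse version '$raw', inspect manually"
        continue
    }
    $ver = [version]$m.Value
    if ($ver -ge $FixedIn) {
        $state = 'FIXED (25.12.0 or later)'
    } elseif ($ver -le $LastKnownVulnerable) {
        $state = 'VULNERABLE (25.10.0 or earlier)'
    } else {
        # Newer than the last listed vulnerable version but older than the fix:
        # the advisory does not confirm these builds as fixed, so treat them as needing the update.
        $state = 'UNCONFIRMED (between 25.10.0 and 25.12.0, update to 25.12.0 or later)'
    }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Product  = $app.DisplayName
        Version  = $ver.ToString()
        Status   = $state
    }
}
```

Run it through your endpoint management tooling or Invoke-Command and collect the emitted objects to build a fleet-wide patch status report.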

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Administration task execution by non-admin users
  • Failed privilege elevation attempts

Network Indicators:

  • Unusual outbound connections from endpoints after privilege escalation

SIEM Query:

source="CyberArk EPM" AND (event_type="privilege_escalation" OR task="Administration")
